OFFICE OF INSPECTOR GENERAL
EXPORT-IMPORT BANK
of the UNITED STATES

Improper Payments Reporting
Ex-Im Bank Generally Complied with Improper Payments Reporting Requirements but Should Improve Its Improper Payments Assessment

March 14, 2013
OIG-AR-13-03

To:         David Sena
            Senior Vice President and Chief Financial Officer

From:       Rebecca Sharek
            Assistant Inspector General for Audits

Subject:    Audit of Export-Import Bank’s (Ex-Im Bank) Compliance with the Improper Payments Information Act of 2002 (IPIA) for Fiscal Year (FY) 2011

Date:       March 14, 2013

This memorandum transmits Audit Report OIG-AR-13-03, “Improper Payments Reporting: Ex-Im Bank Generally Complied with Improper Payments Reporting Requirements but Should Improve Its Improper Payments Assessment.” The audit was initiated to determine whether in FY 2011 Ex-Im Bank complied with IPIA, as amended by the Improper Payments Elimination and Recovery Act of 2010. We also evaluated the accuracy and completeness of Ex-Im Bank’s improper payment reporting and efforts to reduce and recover improper payments in FY 2011.

The audit found that Ex-Im Bank complied with IPIA in that it reported required information based on the results of its FY 2011 improper payments assessment. However, Ex-Im Bank should improve its processes for identifying and measuring its risk of improper payments. We made five recommendations for corrective action. Management generally concurred with the recommendations and we consider management’s proposed actions to be responsive. The recommendations will be closed upon completion and verification of the proposed actions.

We appreciate the courtesies and cooperation extended to us during the audit. If you have questions, please contact me at (202) 565-3169 or rebecca.sharek@exim.gov.

cc:     Fred Hochberg, Chairman and President
        John McAdams, Senior Vice President and Chief Operating Officer
        Audit Committee
        Patricia Wolf, Controller
        Joe Sorbera, Office of the Chief Financial Officer
        The Senate Homeland Security and Governmental Affairs Committee
        The House Committee on Oversight and Governmental Reform
        The Comptroller General
        The Controller of the Office of Management and Budget

811 Vermont Avenue, NW Washington, D.C. 20571

EXPORT-IMPORT BANK – OFFICE OF INSPECTOR GENERAL

The Export-Import Bank of the United States (Ex-Im Bank) is the official export-credit agency of the United States. Ex-Im Bank is an independent, self-sustaining executive agency and a wholly-owned U.S. government corporation. Ex-Im Bank’s mission is to support jobs in the United States by facilitating the export of U.S. goods and services. Ex-Im Bank provides competitive export financing and ensures a level playing field for U.S. exports in the global marketplace.

The Office of Inspector General, an independent office within Ex-Im Bank, was statutorily created in 2002 and organized in 2007. The mission of the Ex-Im Bank Office of Inspector General is to conduct and supervise audits, investigations, inspections, and evaluations related to agency programs and operations; provide leadership and coordination as well as recommend policies that will promote economy, efficiency, and effectiveness in such programs and operations; and prevent and detect fraud, waste, abuse, and mismanagement.

ACRONYMS
AFR        Agency Financial Report
FY         Fiscal Year
GAO        Government Accountability Office
IPERA      Improper Payments Elimination and Recovery Act of 2010
IPIA       Improper Payments Information Act of 2002
OCFO       Office of the Chief Financial Officer
OIG        Office of Inspector General
OMB        Office of Management and Budget
PAR        Performance and Accountability Report

AUDIT REPORT OIG-AR-13-03

Executive Summary
Ex-Im Bank Generally Complied with Improper Payments Reporting Requirements but Should Improve Its Improper Payments Assessment
Audit Report OIG-AR-13-03
March 14, 2013

Why We Did This Audit
Improper payments are payments made in the wrong amount, to the wrong entity, or for the wrong reason. They can result from processing errors, a lack of information, or fraud. In accordance with the Improper Payments Information Act of 2002 (IPIA), as amended by the Improper Payments Elimination and Recovery Act of 2010 (IPERA), Inspectors General are required to annually review their agency’s compliance with improper payments legislation and evaluate agency efforts to assess, report, and reduce improper payments. As a result, we reviewed the Export-Import Bank’s (Ex-Im Bank or the Bank) improper payments assessment and reporting activities for fiscal year (FY) 2011.

What We Found
Ex-Im Bank complied with IPIA, as amended by IPERA, in that it reported all required information based on the results of its FY 2011 improper payments assessment. In addition, Ex-Im Bank has established a number of preventive and detective controls and due diligence requirements intended to minimize the possibility of improper payments. However, we identified the following concerns which we believe reduce the overall usefulness and reliability of Ex-Im Bank’s improper payments assessment:

   •   The Office of the Chief Financial Officer (OCFO) incorrectly concluded that all returned or voided wire and check payments are inherently improper and, moreover, were the only improper payments made by Ex-Im Bank. This led to measuring the Bank’s risk of improper payments against a list of transactions that were largely not improper as defined by IPIA, and supported the OCFO’s decision not to test controls intended to prevent or detect improper payments.

   •   The OCFO relied on the results of a risk assessment questionnaire that may not have accurately reflected Ex-Im Bank’s risk of improper payments.

   •   Although OMB recognizes that improper payments may include payments based on incomplete, inaccurate, or fraudulent information, the OCFO did not include in its improper payments assessment certain export credit insurance claims later determined to be fraudulent. In FY 2011 alone, the Office of Inspector General – Office of Investigations determined that such claims totaled $1.3 million.

Given (1) internal control weaknesses we have previously identified, including those in Ex-Im Bank’s key information technology applications, some of which are used to process payments, and (2) the weaknesses we observed in the OCFO’s FY 2011 improper payments assessment, we believe Ex-Im Bank’s true risk of significant improper payments is unknown. As a result, its FY 2011 improper payments reporting may be inaccurate and incomplete, and its efforts to reduce and recover improper payments may be inadequate.

What We Recommended
To improve Ex-Im Bank’s processes for identifying and assessing its risk of improper payments, we recommended that the Bank (1) revise its procedures to correctly calculate improper payments rates, (2) reconsider the results of its FY 2011 risk assessment, (3) modify its risk assessment scoring method, (4) include in its assessment insurance claims paid based on fraud or obtain Office of Management and Budget (OMB) written approval to continue excluding such payments, and (5) consider the cost effectiveness and value of conducting recapture audits and additional periodic testing for improper payments across all program areas. Management generally concurred with the recommendations, which will be closed upon completion and verification of corrective action.

For additional information, contact the Office of the Inspector General at (202) 565-3908 or visit www.exim.gov/oig.

TABLE OF CONTENTS

INTRODUCTION
  Background
  Objectives

RESULTS
  Finding: Ex-Im Bank Should Improve Its Processes for Identifying and Measuring Its Risk of Improper Payments
     Recommendations, Management’s Response, and Evaluation of Management’s Response

APPENDIX A
  Scope and Methodology
  Review of Internal Controls
  Federal Laws, Regulations, Policies, and Guidance
  Prior Coverage

APPENDIX B
  Analysis of Ex-Im Bank’s FY 2011 Improper Payment Log

APPENDIX C
  Ex-Im Bank’s Improper Payment Risk Assessment Questionnaire

APPENDIX D
  Management Comments

INTRODUCTION

Background

Each year, the Federal Government wastes billions of taxpayer dollars on improper payments to individuals, organizations, and contractors.[1] According to the Office of Management and Budget (OMB), an improper payment is any payment that (1) should not have been made; (2) was made in an incorrect amount, to an ineligible recipient, for ineligible goods or services, or for goods or services not received; or (3) lacks sufficient documentation to determine whether it is proper.[2] Improper payments may result from inadequate recordkeeping, inaccurate eligibility determinations, inadvertent processing errors, lack of timely and reliable information to confirm payment accuracy, or fraud.

The term “payment” means payment or transfer of Federal funds (including cash, loans, loan guarantees, and insurance subsidies) to any non-Federal person or entity made by or on behalf of a Federal agency, contractor, or grantee. For purposes of direct loan and loan guarantee programs, such as those administered by the Export-Import Bank, improper payments may include disbursements to borrowers, intermediaries, or third-parties for defaults, delinquencies, interest or other subsidies, or other payments based on incomplete, inaccurate, or fraudulent information.

To reduce improper payments, Congress passed the Improper Payments Information Act of 2002 (IPIA).[3] Congress amended IPIA by enacting the Improper Payments Elimination and Recovery Act of 2010 (IPERA).[4,5] As amended, IPIA requires agencies to review their programs and activities each fiscal year (FY) and identify those susceptible to significant improper payments.[6] Agencies must report in their annual Performance and Accountability Report (PAR) or Agency Financial Report (AFR) estimated significant improper payments and actions to reduce them. In addition, Inspectors General are required to (1) determine whether their respective agencies are compliant with IPIA and (2) evaluate the accuracy and completeness of agency reporting and performance in reducing and recapturing improper payments. To assist agencies and Inspectors General, OMB issued government-wide guidance in 2011.[7]

  [1] M-11-16, “Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123,” April 14, 2011.
  [2] OMB Circular A-123, “Management’s Responsibility for Internal Control,” Appendix C.
  [3] Public Law 107-300, November 26, 2002.
  [4] Public Law 111-204, July 22, 2010.
  [5] From this point forward, “IPIA” will be used to refer to IPIA as amended by IPERA.
  [6] “Significant improper payments” are gross annual improper payments in the program under review exceeding (1) both 2.5 percent of program outlays and $10 million of all program payments made during the fiscal year reported or (2) $100 million regardless of the improper payment percentage of total program outlays.
  [7] M-11-16, “Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123,” April 14, 2011.

OMB Guidance. According to OMB, there are four steps in determining whether an agency’s risk of improper payments is significant and to provide valid annual estimates of significant improper payments. Unless an agency has specific written approval from OMB to deviate from these steps, agencies are required to follow them.

In Step 1, the agency must institute a systematic method to review all programs and activities and identify those that are susceptible to significant improper payments. This method can be a quantitative evaluation based on a statistical sample or it can take into account risk factors likely to contribute to significant improper payments. At a minimum, the risk factors should include:

   •   whether the program or activity is new to the agency;

   •   the complexity of the program or activity, particularly with respect to determining correct payment amounts;

   •   the volume of payments made annually;

   •   whether payments or payment eligibility decisions are made outside of the agency;

   •   recent major changes in program funding, authorities, practices, or procedures;

   •   the level, experience, and quality of training for personnel responsible for making program eligibility determinations or certifying that payments are accurate;

   •   significant deficiencies cited in audit reports of the agency, including the agency Inspector General or the Government Accountability Office (GAO); and

   •   results from prior improper payment work.

If no programs are identified in Step 1 as susceptible to significant improper payments (i.e., the improper payment rate of each program is determined to be less than $100 million or below both 2.5 percent of total program outlays and $10 million of all program payments made during the fiscal year), no further analysis is required. However, for each program identified as susceptible to significant improper payments, the agency must use an OMB-approved methodology in Step 2 to test a sample of transactions and obtain a statistically valid estimate of the annual amount of improper payments. Once testing is complete and the annual estimated amount of improper payments is derived, Step 3 requires the agency to develop and implement a corrective action plan that identifies root causes and establishes reduction targets as well as accountability for reducing improper payments. In Step 4, the agency must report in its annual PAR or AFR its estimated annual improper payments and its progress in reducing them.

According to OMB, improper payment rates established in Step 1 should be measures of dollars rather than occurrences. In other words, the improper payment rate should be the amount in improper payments divided by the amount in program outlays for a given program in a given fiscal year.

In addition to analyzing susceptibility to significant improper payments, IPIA requires agencies to conduct payment recapture audits for each program and activity that expends $1 million or more annually if conducting such audits would be cost effective. OMB defines a payment recapture audit as a review and analysis of an agency’s or program’s accounting and financial records, supporting documentation, and other pertinent information supporting its payments, that is specifically designed to identify overpayments.

Export-Import Bank’s Process for Identifying and Measuring its Risk of Improper Payments.
To identify and measure its risk of significant improper payments, the Export-Import Bank (Ex-Im Bank or the Bank) Office of the Chief Financial Officer (OCFO): (1) reviews the Bank’s payment types, (2) compares the total amount of transactions captured on Ex-Im Bank’s annual Improper Payment Log with IPIA thresholds for significant improper payments, (3) compiles the results of risk assessment questionnaires that assess each payment type, and (4) documents the internal controls that prevent and detect improper payments along with a summary of the assessment of the Bank’s risk. With OMB’s approval, Ex-Im Bank performs its improper payments assessment one year in arrears, meaning the analysis for FY 2011 is performed in FY 2012 and reported in Ex-Im Bank’s FY 2012 AFR.

Review of Ex-Im Bank Payments. The OCFO reviewed Ex-Im Bank’s FY 2011 payments, which totaled $2.7 billion, and identified three payment types: (1) Administrative Expenses, (2) Claim Payments, and (3) Loan Disbursements. Each payment type, which the OCFO defined as a program for the purposes of IPIA, is described below.

   (1) Administrative Expenses – Ex-Im Bank has three categories of administrative expenses: compensation and benefits, rental payments on its Washington, D.C. Headquarters building, and contract and invoice payments. Ex-Im Bank’s compensation and benefits are processed by the General Services Administration’s Kansas City, Missouri payroll processing center. In addition, compensation, benefits, and rental payments are paid to the General Services Administration through the intra-government payment system. As intra-governmental transactions, these payments are excluded from the Bank’s improper payments assessment. The remainder of Ex-Im Bank’s 6,301 administrative disbursements were contract and invoice payments totaling $26.1 million. According to the OCFO, the two largest components of these payments were technology- and travel-related expenses.

   (2) Claim Payments – Ex-Im Bank makes claim payments under its Loan Guarantee and Export Credit Insurance programs. Under the Loan Guarantee Program, the Bank guarantees to a lender that, in the event of a payment default by the borrower, Ex-Im Bank will pay to the lender the outstanding principal and interest on the loan. Specifically, the Bank’s medium term guarantees provide unconditional coverage in the event of default. According to the OCFO, except in certain instances of noncompliance with the terms of the guarantee agreement between the Bank and the guaranteed party, Ex-Im Bank cannot deny payment of the claim even if the borrower provided fraudulent information to obtain the underlying credit from the guaranteed lender. Therefore, the OCFO does not include such payments in its improper payments assessment.

       Under the Export Credit Insurance Program, Ex-Im Bank insurance covers exporters’ risk of buyer nonpayment for commercial and certain political reasons. In certain instances, Ex-Im Bank’s insurance policies also provide unconditional coverage in the event of default. Otherwise, Ex-Im Bank insurance policies specifically state that if the insured makes knowingly false, misleading, or fraudulent statements, reports, or claims, the policy becomes void and all claims are forfeited. Therefore, payments for these export credit insurance claims that are later proven to be fraudulent meet the IPIA definition of improper payments.

       The Claims and Recoveries Section of the Office of the Treasurer is responsible for processing requests for disbursements when paying claims on either loan guarantees or export credit insurance, expenses related to claims, and a participant’s share of recoveries or related expenses. During FY 2011, Ex-Im Bank made 657 loan guarantee and export credit insurance claim payments totaling $118.5 million.

   (3) Loan Disbursements – Ex-Im Bank offers fixed-rate loans directly to foreign buyers of U.S. goods and services. Once a loan transaction becomes legally operative, the Operations and Data Quality Division reviews supporting documentation prior to approving a disbursement request. After their review, Operations and Data Quality personnel sign the disbursement approval and send it and supporting documentation to the Program Accounting and Servicing Division. Program Accounting and Servicing staff apply the appropriate fees, print the disbursement voucher, and submit it to a certifying officer who signs the voucher and forwards it to the Cash Control Division for remittance of funds. Although Ex-Im Bank made fewer loan disbursements in FY 2011 than it did administrative or claim payments, due to the large amount of each transaction, loan disbursements comprised 95 percent of the value of the Bank’s total payments for the year. Specifically, Ex-Im Bank made approximately 324 payments designated as loan disbursements worth about $2.6 billion, while total FY 2011 payments equaled $2.7 billion.

The following chart shows the value of Ex-Im Bank’s FY 2011 payments by program area.

Distribution of FY 2011 Payments (in millions)
   Administrative Expenses    $26.11       1%
   Claim Payments             $118.46      4%
   Loan Disbursements         $2,589.68    95%

Chart 1. Ex-Im Bank’s FY 2011 payments by program area.
Source: Office of Inspector General summary of data received from the Ex-Im Bank OCFO.

Ex-Im Bank’s Improper Payment Log. To determine whether Ex-Im Bank’s risk of improper payments is significant, the OCFO creates and evaluates an Improper Payment Log and compares it to IPIA thresholds. As described in the Bank’s internal guidance for identifying and assessing improper payments – “Ex-Im Bank Process and Procedures for Improper Payments” – the Improper Payment Log is produced by the Financial Reporting Office and maintained by the Cash Control Supervisor. Specifically, Financial Reporting Office personnel input on a spreadsheet titled “Improper Payment Log” those Ex-Im Bank wire and check payments that were returned by the U.S. Treasury or U.S. Post Office or were voided by the Bank during the fiscal year. According to the OCFO, all returned wires and returned or voided checks are improper payments as defined by IPIA and, moreover, represent the full population of actual improper payments made by Ex-Im Bank. Therefore, staff calculates the amount of returned wires and returned or voided checks as a percentage of all program outlays to determine if the total amount exceeds the IPIA threshold for significant improper payments. If the total amount of transactions from the Improper Payment Log does not exceed IPIA thresholds, the OCFO takes no further action to test internal controls or identify other possible improper payments. According to Ex-Im Bank’s internal guidance, this approach “tests all payments, which is more robust than the sampling method allowed for in OMB Memorandum M-11-16.”

For FY 2011, Ex-Im Bank’s Improper Payment Log included 144 payments – 66 returned wires and 78 returned or voided checks – totaling $3.7 million. The OCFO determined that this amount did not exceed IPIA thresholds for significant improper payments. A summary of the FY 2011 Improper Payment Log is included in Appendix B.

To be considered significant, improper payments must exceed $100 million or both 2.5 percent of total program outlays and $10 million of all program payments made during the fiscal year.

Ex-Im Bank’s Improper Payments Risk Assessment Questionnaire.
In addition\n  to assessing the results of the Improper Payment Log, Ex-Im Bank\xe2\x80\x99s Financial Reporting\n  Office asked key employees from each department involved in the Bank\xe2\x80\x99s disbursement\n  process to complete a questionnaire based on FY 2011 disbursement activities. The\n  questionnaire \xe2\x80\x93 which was developed by KPMG after an FY 2008 internal audit of Ex-Im\n  Bank\xe2\x80\x99s improper payment processes and procedures \xe2\x80\x93 includes 60 questions that address\n  each of the 5 widely accepted components of internal control (control environment, risk\n  assessment, control activities, information and communication, and monitoring).8 The\n  Financial Reporting Office distributed four copies of the questionnaire: one for\n  administrative expenses, one for claim payments, and two for the loan disbursement\n  process (one for the operations phase of the process and one for the servicing phase). After\n  scoring the four responses received, the OCFO concluded that Ex-Im Bank has a low risk of\n  improper payments in all three programs. Ex-Im Bank\xe2\x80\x99s risk assessment questionnaire is\n  included in Appendix C.\n\n         Ex-Im Bank\xe2\x80\x99s Risk Assessment Summary. The OCFO also issued an FY 2011 risk\n  assessment summary that described the cash disbursement process and documented the\n  internal controls that prevent and detect improper payments. 
The summary stated that Ex-\n  Im Bank \xe2\x80\x9chas a strong system of internal controls in place to help prevent improper\n  payments and to detect them should they occur.\xe2\x80\x9d In addition, the summary noted that all\n  Ex-Im Bank FY 2011 risk assessment questionnaires showed that the risk of significant\n  improper payments was low and \xe2\x80\x9cactual identified improper payments [from the FY 2011\n  Improper Payment Log] were approximately $3.7 million.\xe2\x80\x9d The summary concluded that,\n  \xe2\x80\x9cBecause of the assessment of a low risk of improper payments and the small amount of\n  known improper payments, the Bank has not established a formal recapture audit plan.\n  However, the Bank does actively pursue recovery of any payment that has been identified\n  as being made improperly. In FY 2011, 100% of the $3.7 million improper payments were\n  recovered.\xe2\x80\x9d As a result, the OCFO determined that no additional action was warranted to\n  assess or reduce Ex-Im Bank\xe2\x80\x99s FY 2011 improper payments or test controls intended to\n  prevent or detect such payments. The results of Ex-Im Bank\xe2\x80\x99s FY 2011 improper payments\n  assessment were reported in the Bank\xe2\x80\x99s 2012 AFR, which reiterated the low risk of\n  improper payments.\n\nObjectives\n  Our objectives were to determine whether Ex-Im Bank was compliant with IPIA, as\n  amended by IPERA, and to evaluate the accuracy and completeness of Ex-Im Bank\xe2\x80\x99s\n  improper payment reporting and efforts to reduce and recover improper payments for FY\n  2011. 
See Appendix A for details of the audit\xe2\x80\x99s scope and methodology; our review of\n  internal controls; applicable federal laws, regulations, policies, and guidance; and a\n  description of prior audit coverage.\n\n\n\n\n  8 \xe2\x80\x9cExport-Import Bank of the United States 2008 Internal Audit Report, Improper Payment Information Act\n  (IPIA),\xe2\x80\x9d April 30, 2009 (KPMG LLP).\n\n                                         AUDIT REPORT OIG-AR-13-03\n                                                      6\n\x0c                         EXPORT-IMPORT BANK \xe2\x80\x93 OFFICE OF INSPECTOR GENERAL\n\n\n\n                                                                               RESULTS\n\n\nFinding: Ex-Im Bank Should Improve Its Processes for Identifying\nand Measuring Its Risk of Improper Payments\n  Ex-Im Bank complied with IPIA, as amended by IPERA, in that it reported all required\n  information based on the results of its FY 2011 improper payments assessment. In\n  addition, Ex-Im Bank has established a number of preventive and detective controls and\n  due diligence requirements intended to minimize the possibility of improper payments.\n  However, we identified the following concerns which we believe reduce the overall\n  usefulness and reliability of Ex-Im Bank\xe2\x80\x99s assessment:\n\n     \xef\x82\xb7   The OCFO incorrectly concluded that all returned or voided wire and check\n         payments are inherently improper and, moreover, were the only improper\n         payments made by Ex-Im Bank. 
This led to measuring the Bank’s risk of improper payments against a list of transactions that were largely not improper as defined by IPIA, and supported the OCFO’s decision not to test controls intended to prevent or detect improper payments.

• The OCFO relied on the results of a risk assessment questionnaire that may not have accurately reflected Ex-Im Bank’s risk of improper payments.

• Although OMB recognizes that improper payments may include payments based on incomplete, inaccurate, or fraudulent information, the OCFO did not include in its improper payments assessment certain export credit insurance claims later determined to be fraudulent. In FY 2011 alone, the Office of Inspector General (OIG) – Office of Investigations determined that such claims totaled $1.3 million.

Ex-Im Bank’s FY 2011 improper payments risk assessment summary documented a number of controls intended to minimize the possibility of improper payments. Additionally, based on its assessment, the OCFO concluded that Ex-Im Bank’s risk of improper payments was low and determined that it was not cost effective or necessary to conduct payment recapture audits, perform additional steps to identify or reduce improper payments, or test those internal controls intended to prevent or detect them. However, given (1) internal control weaknesses we have previously identified, including those in Ex-Im Bank’s key information technology applications, some of which are used to process payments and applications for Ex-Im Bank products, and (2) the weaknesses we observed in the OCFO’s FY 2011 improper payments assessment, we believe Ex-Im Bank’s true risk of significant improper payments is unknown.
As a result, its FY 2011 improper payments reporting may be inaccurate and incomplete, and its efforts to reduce and recover improper payments may be inadequate.

Ex-Im Bank Complied With IPIA Reporting Requirements

OMB provides specific guidance on what each agency Inspector General should review to determine if an agency is compliant with IPIA. The table below summarizes the IPIA requirements and the results of our review of Ex-Im Bank’s compliance.

| IPIA Requirement: Did the agency . . . | Yes/No/Not Applicable | Comments |
|---|---|---|
| Publish a PAR or AFR for the most recent fiscal year and post that report and any accompanying materials required by OMB on the agency website? | Yes | Ex-Im Bank’s FY 2012 AFR can be accessed at: http://www.exim.gov/about/library/reports/annualreports/2012/ |
| Conduct a program-specific risk assessment for each program or activity? | Yes | |
| Publish improper payment estimates for all programs and activities identified as susceptible to significant improper payments as required? | Not Applicable | Ex-Im Bank did not identify any programs as susceptible to significant improper payments. |
| Publish programmatic corrective action plans in the PAR or AFR as required? | Not Applicable | Ex-Im Bank did not identify any programs as susceptible to significant improper payments. |
| Publish and meet annual reduction targets for each program assessed to be at risk and measured for improper payments? | Not Applicable | Ex-Im Bank did not identify any programs as susceptible to significant improper payments. |
| Report a gross improper payment rate of less than 10 percent for each program and activity for which an improper payment estimate was obtained and published in the PAR or AFR? | Not Applicable | Ex-Im Bank did not identify any programs as susceptible to significant improper payments. |
| Report information on its efforts to recapture improper payments? | Not Applicable | Ex-Im Bank does not conduct recapture audits and reported in its FY 2012 AFR that, based on its assessment, no further action was required under IPIA. |

Table 1. Summary of Ex-Im Bank’s compliance with IPIA reporting requirements.
Source: OMB Circular A-123, “Management’s Responsibility for Internal Control,” Appendix C and OIG analysis.

Although Ex-Im Bank complied with IPIA reporting requirements, we identified specific concerns related to the Bank’s improper payments assessment.

Payments Were Incorrectly Identified as Improper

The FY 2011 Improper Payment Log was a central component of Ex-Im Bank’s improper payments assessment. The OCFO concluded that all payments included on the Log after being returned by the U.S. Treasury or U.S. Post Office or being voided by Ex-Im Bank were inherently improper and, moreover, represented the full population of improper payments made by the Bank. Although IPIA and OMB specifically define when a payment is considered improper, OCFO staff did not consider the reason the wires and checks were returned or voided when making their determination. Instead, staff compared the total amount of payments from the Improper Payment Log with the total amount of program outlays for the fiscal year.
Because the amount of transactions from the Log – $3.7 million – did not exceed the IPIA threshold for significant improper payments in FY 2011, the OCFO determined that it was not cost effective or necessary to take additional action to identify other possible improper payments or calculate improper payment rates, as required by OMB. Furthermore, because all payments on the Improper Payment Log were returned to or voided by Ex-Im Bank, the OCFO reported that it successfully recovered all FY 2011 improper payments, which supported the decision not to conduct payment recapture audits or test controls intended to prevent or detect improper payments.

Improper Payments are Payments That:
• Should not have been made,
• Were made in an incorrect amount,
• Were made to an ineligible recipient,
• Were for ineligible goods or services or eligible goods or services not received, or
• Lack sufficient documentation to determine if they are proper.

Table 2. Definition of improper payments.
Source: Public Law 107-300, November 26, 2002; and OMB Circular A-123, “Management’s Responsibility for Internal Control,” Appendix C.

However, we determined that the Improper Payment Log largely represented a list of transactions that were not improper as defined by IPIA. Specifically, 61 of the 66 wire payments on the Log were returned because the payee account number or other payment information was incorrect; therefore, the payments could not be processed. In addition, 71 of the 78 checks on the Log were returned or voided because the payee address was incorrect and the checks were undeliverable or never received by the payee.
In these instances, Ex-Im Bank issued replacement checks and voided the original, missing checks, deeming them improper payments.

We reviewed supporting documentation for 25 payments from the Improper Payment Log and verified that only 3 met the IPIA definition for improper payments.[9] Specifically, in two instances, payments were returned because Ex-Im Bank paid the wrong vendors. The remaining payment was improper because there was insufficient documentation to determine whether it was proper. The other 22 payments included in our review were incorrectly classified as improper because, in each instance, Ex-Im Bank was obligated to make the payment and was paying the correct amount to eligible recipients for eligible goods or services received. For example, Ex-Im Bank deemed two checks improper because they were returned by the U.S. Post Office as undeliverable due to incorrect payee addresses. In another instance, a vendor who received an Ex-Im Bank check requested to be paid by wire instead. So Ex-Im Bank voided the check, recorded it as an improper payment, and then paid the vendor with a wire. When seven other checks were never received by the payees, Ex-Im Bank voided the checks, classified them as improper, and then replaced them with new checks. The 12 remaining payments in our sample were wire payments that were returned to Ex-Im Bank and deemed improper by the OCFO because the Bank used outdated routing transit numbers and, therefore, the payments could not be processed.

[9] Appendix A describes our sampling methodology.

OCFO personnel told us that they considered missing checks or payments sent to the wrong address improper because they could have been intercepted by the wrong recipient and cashed.
In addition, they believed that inclusion of such payments on the Improper Payment Log merely overstated Ex-Im Bank’s improper payments, making the true risk of significant improper payments even lower than reported because they reasoned that, if those payments were not improper, then the Bank did not make any improper payments. However, the OCFO has never conducted testing to identify other possible improper payments or calculate improper payment rates. Although payment processing errors were made resulting in returned or voided payments, most of the payments on the Improper Payment Log were not truly improper. However, as a result of flawed methodology or a lack of understanding, the OCFO incorrectly categorized payments as improper, then used the total of those payments to measure Ex-Im Bank’s risk of significant improper payments and to determine that additional actions were not warranted.

Appendix B summarizes all 144 payments included on the FY 2011 Improper Payment Log.

Risk Assessment Questionnaire May Not Have Accurately Reflected Risk

The OCFO’s conclusion of low risk and decision not to conduct additional quantitative tests or calculate improper payment rates beyond what was captured on the Improper Payment Log was corroborated by the results of Ex-Im Bank’s risk assessment questionnaires. To assess the risk in Ex-Im Bank’s programs, the Financial Reporting Office requested and received four responses to its questionnaire: one for administrative expenses, one for claim payments, and two for the loan disbursement process (one for the operations phase of the process and one for the servicing phase).[10] Although the FY 2011 improper payments risk assessment summary states that all questionnaires provided evidence of “strong internal controls” and showed that Ex-Im Bank’s risk of significant improper payments was low, we noted that the risk assessment questionnaire for the operations phase of the loan disbursement process disclosed that almost half of the controls assessed (27 out of 60) and intended to prevent or detect improper payments were either weak or were not applicable.

[10] Once a loan becomes legally operative, the Operations and Data Quality Division reviews supporting documentation prior to approving a disbursement request. Operations and Data Quality personnel send the signed disbursement approval and supporting documentation to Program Accounting and Servicing staff, who apply appropriate fees and print the disbursement voucher for review by a certifying officer prior to remittance of funds.

Specifically, the completed questionnaire indicated elevated risk for 9 questions and responses of “Not Applicable” for an additional 18 questions. These 27 questions related to key controls regarding Ex-Im Bank’s internal control environment, and risk assessment, internal control, information and communication, and monitoring activities.
For example, responses that suggested elevated risk indicated that:

• there is an emphasis on expediting payments within the process;

• there are anticipated changes in the program;

• there are no mechanisms in place to ensure that personnel understand the purpose of internal control activities; and

• there are risks from business process redesign, disruption of information systems processing, and a lack of backup systems.

Also, controls deemed not applicable included but were not limited to those for assessing risks arising from changing needs, new legislation, downsizing, and a lack of training; monitoring of sub-recipients; automated systems; and addressing prior audit findings.

However, the OCFO did not eliminate the 18 items reported as “Not Applicable” when it scored the questionnaire. Instead, staff scored the 9 responses that indicated elevated risk out of a total of 60 questions (or 15 percent), resulting in a score of low risk according to the OCFO’s scoring method.[11] Had staff removed from the calculation the 18 factors that did not apply, they would have scored the 9 responses that indicated elevated risk out of a total of 42 questions (or 21 percent), thereby recognizing medium risk of improper payments occurring in the operations phase of the loan disbursement process.

When considering the overall risk to the loan disbursement process, medium risk in the operations phase would likely be mitigated to some degree by the low risk documented on the questionnaire for the servicing phase. However, potential elevated risk of improper loan disbursements is significant because loan disbursements comprised 95 percent, or $2.6 billion, of Ex-Im Bank’s FY 2011 payments.
As a result, we question whether the loan disbursement program and, therefore, overall agency risk of improper payments is truly low.

[11] According to the OCFO’s scoring method, if no more than 18 percent of all questions answered indicate elevated risk, the overall risk of improper payments is low. A score between 20 percent and 47 percent of all questions answered equals medium risk. A score of 48 percent or more of all questions answered equals high risk.

Appendix C includes Ex-Im Bank’s improper payment risk assessment questionnaire and further explains how the OCFO scored the questionnaires to determine risk.

Improper Payments Assessment Did Not Include Export Credit Insurance Claims Later Determined to Be Fraudulent

According to OMB, improper payments can result from fraud. In addition, certain Ex-Im Bank export credit insurance policies are void and all claims are forfeited in the event of fraud. For example, while Ex-Im Bank may be obligated to provide unconditional coverage to commercial lenders who have fulfilled Ex-Im Bank’s due diligence requirements, policies are void and all claims are forfeited in certain instances when the beneficiary is an exporter who has committed fraud. However, the OCFO did not include such claims in its improper payments assessment.
In fact, the FY 2011 improper payments risk assessment summary stated that, “In FY 2011, Ex-Im [Bank] did not identify any fraudulent payments.”

Beginning with the semiannual report for the period ended September 30, 2009, the OIG has reported to Ex-Im Bank management the increased risk of fraud in the Bank’s Export Credit Insurance Program.[12] Each semiannual report, which is transmitted to Bank management and Congress and made publicly available, explains that the Export Credit Insurance Program is particularly susceptible to fraud schemes by foreign borrowers, U.S.-based exporters, and other transaction participants. Specifically, criminal activity exploits certain processes within the Program in order to induce Ex-Im Bank to approve insurance coverage. In addition to describing these risks, the semiannual reports for the period between April 1, 2010 and September 30, 2012 – covering the FY 2011 period assessed by the OCFO – describe the successful efforts of the OIG Office of Investigations in investigating specific fraudulent claims paid by the Export Credit Insurance Program. For FY 2011 alone, the Office of Investigations identified $1,324,073 in fraudulent insurance claims paid.

Export Credit Insurance Program. This Program offers protection in the form of several different insurance policy types to U.S. exporters and their lenders against non-payment by foreign buyers due to commercial and political risks. Export credit insurance allows exporters to increase export sales by limiting international repayment risk, offering credit to international buyers, and enabling exporters to access working capital funds. One fraudulent scheme to exploit the Program involves the falsification of shipping records to convince Ex-Im Bank that the described goods have been shipped when in fact they have not.

When asked why they did not include in Ex-Im Bank’s improper payments assessment those insurance claims paid and later identified as fraudulent, OCFO personnel stated that it would be difficult to accurately measure and report such claims within the framework of the improper payments assessment cycle. Specifically, they noted that IPIA requires assessing and reporting improper payments within one fiscal year yet a claim may be paid and then determined to be fraudulent years later.
In addition, Claims and Recoveries personnel stated that Ex-Im Bank does not track the amount of fraud within a given program, making it difficult to measure for the purposes of the improper payments assessment.

[12] OIG semiannual reports can be accessed at: http://www.exim.gov/oig/reports/semiannual-reports-and-testimony.cfm.

While we recognize the difficulty of accurately matching claims authorized, paid, and proven fraudulent from year to year, we believe Ex-Im Bank should make reasonable efforts to include fraudulent insurance claims in its improper payment assessment. At a minimum, including in the Bank’s improper payments analysis the information made publicly available and resulting from OIG investigations would provide a more accurate and complete estimate of the risk of fraudulent, improper payments so that corrective actions, if warranted, can be implemented.

Prior Year Recommendation. As part of our FY 2010 evaluation of Ex-Im Bank’s compliance with improper payments legislation, we reported that the Bank did not include in its assessment claim payments that were later determined to have been based on fraudulent information.[13] As a result, we recommended that Ex-Im Bank include in its improper payments risk assessment claim payments based on fraudulent information and determine whether additional steps should be taken in accordance with OMB guidance. Management did not concur with the recommendation and noted that Ex-Im Bank guarantees provide unconditional coverage in the event of default.
Further, management stated that, under the term of a guarantee agreement, Ex-Im Bank is required to make the claim payment even if the borrower obtained the underlying credit from the guaranteed lender by providing fraudulent information and/or documentation to the lender. Management provided OMB the rationale for excluding fraudulent claims paid in association with loan guarantees and obtained OMB’s verbal concurrence. However, the issue of whether to include in Ex-Im Bank’s improper payments assessment those insurance claims paid based on fraud remains unresolved.

[13] “Evaluation of Ex-Im Bank’s Compliance with the Improper Payments Elimination and Recovery Act of 2010” (OIG-EV-12-01, March 12, 2012). The report can be accessed at: www.exim.gov/oig/upload/Final-Report-Complete-120312.pdf.

Ex-Im’s Risk of Significant Improper Payments is Unknown

During the audit, OCFO personnel cited the existence of strong internal controls as a factor in Ex-Im Bank’s assessment of its risk of significant improper payments. The FY 2011 improper payments risk assessment summary documents those preventive and detective controls and due diligence requirements that the OCFO believes minimize the possibility of improper payments. In addition, the summary states that, as part of Ex-Im Bank’s annual financial statement audit, the independent public accountant samples and tests all categories of payments and, although the purpose of this testing is to judge the accuracy of the financial statements and not compliance with IPIA, testing has not revealed material improper payments over the years.

“My Administration is committed to reducing payment errors and eliminating waste, fraud, and abuse in Federal programs . . . agencies should use every tool available to identify and subsequently reclaim the funds associated with improper payments.”
– President Obama, Memorandum of March 10, 2010, “Finding and Recapturing Improper Payments,” Federal Register, Vol. 75, No. 49.

However, we determined that the independent public accountant responsible for the most recent (FY 2012) annual financial statement audit did not test for improper payments. Also, recent OIG audits have cited internal control weaknesses likely to increase losses due to errors or fraud. These include weaknesses in controls related to (1) key information technology applications, including those used to process payments and applications for Ex-Im Bank products, and (2) the Export Credit Insurance Program, including weaknesses that could increase the risk of financial loss through claims or issuance of insurance policies based on erroneous and potentially fraudulent information.[14, 15] Given these internal control weaknesses and the weaknesses we observed in the OCFO’s FY 2011 improper payments assessment, we believe Ex-Im Bank’s true risk of significant improper payments is unknown.
As a result, its FY 2011 improper payments reporting may be inaccurate and incomplete, and its efforts to reduce and recover improper payments may be inadequate.

[14] “Audit of Information Technology Support for Export-Import Bank’s Mission,” January 24, 2012 (OIG-AR-12-04). The report can be accessed at: http://www.exim.gov/oig/loader.cfm?csModule=security/getfile&pageid=13558.
[15] “Audit of Export-Import Bank’s Short-Term Insurance Program,” September 28, 2012 (OIG-AR-12-05). The report can be accessed at: http://www.exim.gov/oig/upload/Official-20Final-20Report-20-20Audit-20of-20ST-20Ins-20Program-20120928-1.pdf.

Recommendations, Management’s Response, and Evaluation of Management’s Response

To improve Ex-Im Bank’s processes for identifying and assessing its risk of improper payments and to more fully comply with the intent of improper payments legislation, we recommended that the OCFO:

1. Revise its procedures to ensure that Ex-Im Bank’s improper payments assessment correctly calculates improper payment rates based on those payments that should not have been made; were for incorrect amounts, to ineligible recipients, for ineligible goods or services, or for goods or services not received; or that are otherwise improper payments as defined by IPIA.

   Management’s Response. Management agrees with the recommendation. For the FY 2011 improper payment analysis, Ex-Im Bank utilized three separate tools to assess the risk of improper payments. Ex-Im Bank will expand the analysis and utilize six separate tools in future analysis to assess the risk of improper payments. The Bank will enhance the improper payment analysis by reviewing the existing procedures and expanding the methodology as follows:

   (1) Continue using the risk assessment questionnaire but conduct a more thorough review of the answers provided, especially those identified as “Not Applicable;”

   (2) Continue a qualitative risk assessment review of the payment controls surrounding each of the programs;

   (3) Maintain a list of payments returned to Ex-Im Bank. If there is a significant number or dollar amount of returned items, then investigate further the reason for the returned payments;

   (4) As recommended, the Bank will develop a methodology to factor into the analysis an estimate of insurance claim payments that may have involved fraud;

   (5) The Financial Reporting Office will meet with the Asset Management Division, the Office of the General Counsel, and the OIG to compile a list of newly identified participants of the Bank's programs that have committed fraud against the Bank. The list will be checked against payments made during the period of analysis to determine if payments were made to any of these participants;

   (6) The Financial Reporting Office will review OIG reports issued since the last improper payment analysis with a focus on issues identified surrounding the payment process.

   If the analysis of the information gathered from the above indicates a significant risk of improper payment in any of the Bank's programs, additional steps will be performed as required by OMB guidance.
   The recommendation will be implemented for the analysis of the FY 2012 improper payments.

   Evaluation of Management’s Response. Management’s proposed actions are responsive; therefore, the recommendation is resolved and will be closed upon completion and verification of the proposed actions. However, as stated in Recommendation 5, reconsideration of quantitative testing and payment recapture audits in light of the deficiencies we found in Ex-Im Bank’s processes for identifying and measuring its risk for improper payments would further strengthen the Bank’s improper payments assessment.

2. Reconsider the results of its FY 2011 risk assessment given the response for the operations phase of the loan disbursement process and document either (a) a plan to timely address the potential elevated risk of improper loan disbursements, or (b) management’s acceptance of the risk.

   Management’s Response. Ex-Im Bank's conclusion of low risk in the direct loan disbursement process was based on the qualitative risk assessment review of the payment controls surrounding loan disbursements, the risk assessment questionnaires completed by Operations and Data Quality and the Loan and Guarantee Servicing Office, and a review of the returned payment log.
   With the analysis of all of the data taken together, management believes that the loan disbursement process does not indicate a significant risk of improper payment. In addition, since the FY 2011 analysis there has been no evidence that any of the loan disbursements made during the FY 2011 period were improper.

   Evaluation of Management’s Response. We agree that there may not be a risk of significant improper payments, as defined by IPIA, within the loan disbursement program. However, as stated in the report, one of the two loan disbursement risk assessment questionnaire responses did not support a “low” risk rating and indicated the potential for elevated risk. Additionally, as stated in the report, we question the value of using returned payments – most of which were not improper – to measure risk of improper payments, particularly in the absence of quantitative testing or payment recapture audits that would detect improper payments in the roughly 7,000 payments that were not returned. However, management is responsible for assessing and accepting its risk. Therefore, the recommendation is resolved and closed for reporting purposes.

3. Modify the method used to score improper payments risk assessment questionnaires to ensure that factors that are not applicable are accurately reflected in the future.

   Management’s Response. Management agrees that the responses to the questionnaires require more in-depth analysis after the questionnaire is completed. The questionnaires will be more thoroughly reviewed, especially the "Not Applicable" responses. The recommendation will be implemented for the analysis of the FY 2012 improper payments.

   Evaluation of Management’s Response.
      Management’s proposed actions are
      responsive; therefore, the recommendation is resolved and will be closed upon
      completion and verification of the proposed actions.

4. Either formulate and include in future improper payments risk assessments, at a
   minimum, a reasonable estimate of fraudulent insurance claim payments based on
   historical information, or obtain OMB’s written approval to continue excluding such
   payments from its improper payments assessment.

      Management’s Response. Management agrees with the recommendation. Staff
      has begun reviewing data on cases closed by the OIG that involved fraud. The
      OCFO will develop a methodology that factors into the improper payment
      analysis an estimate of insurance claim payments made during the analysis
      period that may be fraudulent and therefore improper. The recommendation
      will be implemented for the analysis of the FY 2012 improper payments.

      Evaluation of Management’s Response. Management’s proposed actions are
      responsive; therefore, the recommendation is resolved and will be closed upon
      completion and verification of the proposed actions.

5. Consider the cost effectiveness and value of conducting payment recapture audits
   and additional periodic testing to prevent and detect improper payments in all
   program areas throughout each fiscal year.

      Management’s Response. Management agrees with the recommendation.
      If a
      risk assessment shows an increase in the risk of improper payments in any of
      the Bank's programs or if there is a substantial increase in the amount of
      improper payments, the Bank will consider engaging a private sector firm to
      look at the Bank's payment processes and procedures and determine if it is
      beneficial to develop a formal payment recapture audit plan.

      Evaluation of Management’s Response. As stated in the report, agencies are
      required to conduct payment recapture audits for each program and activity that
      expends $1 million or more annually if conducting such audits would be cost
      effective. While we support management’s plan to monitor the need for
      payment recapture audits in the future, we reiterate that management’s decision
      not to perform such audits was based, in part, on what the OCFO incorrectly
      identified in its internal guidance – “Ex-Im Bank Process and Procedures for
      Improper Payments” – as a historically “low amount and volume of improper
      payments.” Furthermore, prior to our audit, the OCFO reported that recapture
      audits were unnecessary because “Ex-Im [Bank] typically recovers 100% of
      improper payments.” However, our review demonstrated the payments in
      question were largely those returned to the Bank by the U.S. Post Office and the
      U.S.
      Treasury due to incorrect payee addresses or routing numbers and, in FY
      2011, were not improper as defined by IPIA.

      OMB memorandum M-11-16, “Issuance of Revised Parts I and II to Appendix C of
      OMB Circular A-123,” April 14, 2011, requires agencies to notify OMB and the
      agency's Inspector General of the decision not to conduct payment recapture
      audits and include any analysis used by the agency to reach this decision. In
      addition, agencies must report in their annual PAR or AFR the justification and
      analysis used to determine that conducting payment recapture audits is not cost
      effective. Because management has decided not to conduct payment recapture
      audits in the near-term and to allow the agreed-to corrective actions to take
      effect, the recommendation is resolved but will remain open pending the OIG’s
      review of Ex-Im Bank’s FY 2012 improper payments assessment and reporting
      activities.


APPENDIX A

Scope and Methodology
 We performed this audit from November 2012 through March 2013 in accordance with
 generally accepted government auditing standards. Those standards require that we plan
 and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable
 basis for our findings and conclusions based on our audit objectives.
 We believe that the
 evidence obtained provides a reasonable basis for our findings and conclusions based on
 our audit objectives.

 Our objectives were to determine whether Ex-Im Bank was compliant with IPIA, as
 amended by IPERA, and to evaluate the accuracy and completeness of Ex-Im Bank’s
 improper payment reporting and efforts to reduce and recover improper payments for FY
 2011. To determine whether Ex-Im Bank identified, reported, and reduced improper
 payments in accordance with IPIA, we reviewed applicable laws, regulations, Bank
 procedures, and guidance issued by the Council of Inspectors General on Integrity and
 Efficiency. In addition, we interviewed Claims and Recoveries staff as well as OCFO
 personnel, including personnel in the Office of the Treasurer. We also reviewed Ex-Im
 Bank’s FY 2012 AFR, responses to its FY 2011 risk assessment questionnaire, and the FY
 2011 Improper Payment Log and supporting documentation, including a list of all FY 2011
 payments produced by the OCFO. We also performed the following tasks:

    •   Judgmentally selected and reviewed a sample of 25 of 144 payments reported by
        Ex-Im Bank as improper in FY 2011. Our sample totaled $2.7 million, or 73 percent
        of the total $3.7 million reported as improper, and included (where possible) at
        least one returned wire or returned or voided check from each month in FY 2011, as
        reported on the Bank’s Improper Payment Log.
        We interviewed the Cash Control
        Supervisor and reviewed supporting documentation for the 25 payments to
        determine whether the payments were correctly classified as improper.

    •   Reviewed the population of FY 2011 payments (7,282 transactions totaling
        $2.7 billion) to identify possible indicators of improper payments and determine
        whether Ex-Im Bank’s reported improper payments exceeded IPIA thresholds.

    •   Cross-checked Ex-Im Bank’s spreadsheets of FY 2011 proper and improper
        payments to test for data reliability and ensure that payments were reported only
        once.

    •   Reviewed prior OIG reports and supporting workpapers, including those from the
        “Audit of Information Technology Support for Export-Import Bank’s Mission,”
        (OIG-AR-04, January 24, 2012) and “Audit of Export-Import Bank’s Short-Term
        Insurance Program” (OIG-AR-12-05, September 28, 2012) to identify previously
        reported internal control weaknesses that could impact Ex-Im Bank’s risk of
        improper payments.

    •   Reviewed prior OIG semiannual reports and information provided by the OIG’s
        Office of Investigations to identify cases of known fraud in the Export Credit
        Insurance Program and determine whether fraudulent insurance claim payments
        identified in FY 2011 were included in Ex-Im Bank’s improper payments
        assessment.


Review of Internal Controls

 We reviewed and evaluated the internal controls associated with Ex-Im Bank’s
 identification and reporting of improper
 payments. We found internal control deficiencies
 as discussed in this report. Our recommendations, if implemented, should correct the
 weaknesses we identified.


Federal Laws, Regulations, Policies, and Guidance

 We reviewed the following in the course of our audit work:

    •   Public Law 107-300, Improper Payments Information Act of 2002;

    •   Public Law 111-204, Improper Payments Elimination and Recovery Act of 2010;

    •   Executive Order 13520, “Reducing Improper Payments,” November 2009;

    •   OMB Circular No. A-136 (Revised), “Financial Reporting Requirements,” October 27,
        2011;

    •   OMB Memorandum M-11-04, “Increasing Efforts to Recapture Improper Payments
        by Intensifying and Expanding Payment Recapture Audits,” November 16, 2010;

    •   OMB Memorandum M-11-16, “Issuance of Revised Parts I and II to Appendix C of
        OMB Circular A-123,” April 14, 2011; and

    •   “Ex-Im Bank Process and Procedures for Improper Payments.”


Prior Coverage

 During the last 5 years, the Ex-Im Bank OIG and GAO have issued five reports of particular
 relevance to the subject of this report.
 Unrestricted reports can be accessed over the
 Internet at http://www.exim.gov/oig/reports/audits-and-evaluations.cfm (Ex-Im Bank
 OIG) and http://www.gao.gov (GAO).

Ex-Im Bank OIG:

   •   “Evaluation of Ex-Im Bank’s Compliance with the Improper Payments Elimination
       and Recovery Act of 2010” (OIG-EV-12-01, March 12, 2012)

GAO:

   •   “Improper Payments: Remaining Challenges and Strategies for Governmentwide
       Reduction Efforts” (GAO-12-573T, March 28, 2012)

   •   “Improper Payments: Moving Forward with Governmentwide Reduction Strategies”
       (GAO-12-405T, February 7, 2012)

   •   “Improper Payments: Recent Efforts to Address Improper Payments and Remaining
       Challenges” (GAO-11-575T, April 15, 2011)

   •   “Improper Payments: Progress Made but Challenges Remain in Estimating and
       Reducing Improper Payments” (GAO-09-628T, April 22, 2009)

In addition, Ex-Im Bank management engaged KPMG LLP to perform an internal audit of
improper payments in FY 2008, prior to the passage of IPERA. The overall objective of the
internal audit was to consider the adequacy of the Bank’s improper payments risk
assessment, compliance with IPIA, and to identify any improvement opportunities. In its
report dated April 30, 2009, KPMG recommended that Ex-Im Bank strengthen its formal
risk assessment for compliance with IPIA.
Management concurred with the
recommendation.


APPENDIX B

Analysis of Ex-Im Bank’s FY 2011 Improper Payment Log
 As shown in the table below, the OCFO determined that 61 wires and 71 checks (or
 92 percent of the 144 payments included on Ex-Im Bank’s FY 2011 Improper Payment Log)
 were improper because the Bank used incorrect payee addresses, account numbers, or
 other payment information, which prevented the payments from being delivered or
 processed. Only nine payments were sent to the wrong vendor, were for incorrect
 amounts, or were duplicate payments and, therefore, were correctly categorized as
 improper payments as defined by IPIA.

 Number of
 Transactions   Reason Categorized as Improper                                    Amount

 Returned Wires
      61        Incorrect account number or other payment information         $3,059,652
       1        Cancelled for incorrect amount                                  $236,755
       2        Incorrect vendor*                                                $84,729
       2        Duplicate payment*                                                $5,036

 Returned or Voided Checks
      71        Check returned due to incorrect address/Payee never received    $243,507
                check/Payment could not be processed
       1        Incorrect vendor*                                                $64,261
       1        Check voided because vendor preferred a wire payment             $25,000
       2        Duplicate payment*                                                $2,500
       2        Incorrect amount or no payment due*                               $1,704
       1        Check voided because payee was under investigation for fraud        $500

 Total: 144                                                                   $3,723,644

 Table 3. Analysis of Ex-Im Bank’s FY 2011 Improper Payment Log.
 Source: OIG summary of data received from the Ex-Im Bank OCFO.
 *Payments correctly classified as improper.


APPENDIX C

Ex-Im Bank’s Improper Payment Risk Assessment Questionnaire

 No.   Risk Assessment Question                                              Yes   No   N/A

 INTERNAL CONTROL ENVIRONMENT
 1     Do program management and staff adhere to applicable laws and regulations?
 2     Are employees encouraged to bring internal control problems to management’s
       attention?
 3     Does employee training include an emphasis on controls?
 4     Do program management and staff have appropriate levels of competence and
       experience to administer the program?
 5     Are policy and procedures manuals up to date and accessible to the appropriate
       staff?
 6     Is there an emphasis on expediting payments?
 7     Has the majority of the staff been with the payment type more than 1 year?
 RISK ASSESSMENT
 8     Are policy considerations analyzed for their impact on this payment type?
 9     Are risks considered arising from changing needs/expectations of Congress,
       agency officials, and the public?
 10    Are there any anticipated changes in the payment environment, e.g., program
       growth, staffing and/or funding cuts etc.
 11    Are there risks caused by new legislation or regulations?
 12    Are there unmitigated risks associated with major suppliers and contracts?
 13    Are there risks resulting from downsizing of agency operations and personnel?
 14    Are there risks resulting from business process reengineering or redesign of
       operating processes?
 15    Is the program in its first year of operation?
 16    Is the program in its last year of operation?
 17    Are there risks posed by disruption of information systems processing?
 18    Are there risks caused by a lack of backup systems availability?
 19    Are there risks due to highly decentralized program operations?
 20    If there is a heavy reliance on contractors to perform critical agency operations,
       have the risks been mitigated?
 21    Are risks considered that result from the lack of training
       received by staff?
 22    Is the computer system used to administer the payment type less than 2 years old?
       (A new system may not have encountered every possible transaction/event.)
 23    Has the computer system used to administer the payment type been modified
       within the past 2 years? (A modified system may not have encountered every
       possible transaction/event.)
 24    Are the criteria simple for manually computing payments?
 25    Is the payment type simple to administer?
 INTERNAL CONTROL ACTIVITIES
 26    Are strong internal controls (IC) in place that would prevent or detect an improper
       payment or an erroneous element in the payment process?
 27    Are routine audits/reviews made of the payment type over an appropriate
       threshold amount?
 28    Is access to data, files and programs appropriately controlled?
 29    Has the payment type been administered under time-tested/established
       regulations?
 30    Are transaction documents properly authorized?
 31    Is there an appropriate level of segregation of duties?
       (Different individuals handle
       different aspects of payment transactions?)
 32    Are payments made according to provisions in contracts and grant agreements?
 33    Are there methods to ensure that the control activities described in policy and
       procedures manuals are actually applied and applied properly?
 34    Has the payment type operated under the appropriate legislation or other major
       program administration for less than 1 year?
 35    Do payment controls ensure that goods/services were received/delivered prior to
       payment?
 36    Do appropriate checks and certifications of payment documents ensure that
       payment information is correct prior to payment, e.g. amount, payee?
 37    Do properly authorized transaction documents have multiple signatures where
       appropriate?
 38    Are there limits on single individual authorizations, e.g., authorized to approve
       transactions that are <$5,000?
 39    Does more than 10% of the total number of transactions in this payment type
       exceed $5,000?
 40    Does the program have a strong system for monitoring sub recipients (if
       applicable)?
 41    Are built-in system edits a part of comprehensive controls on automated systems,
       e.g.
       prepayment and claims processing edits?
 42    Are edit reports designed to display questionable transactions or accounts
       according to predefined or ad hoc indicators?
 43    Do data file restrictions on automated systems effectively segregate duties?
 44    Are specific user profiles a part of the controls on automated systems?
 45    Does appropriate system security exist on automated systems as required by the
       Federal Information Security Management Act of 2002?
 46    Do comprehensive controls on automated systems include accounts receivable
       subsystems?
 47    Do comprehensive controls on automated systems include fraud tracking systems?
 INFORMATION AND COMMUNICATION
 48    Are there mechanisms in place to ensure that supervisors and employees
       understand the purpose of internal control activities?
 49    Are all legislative changes, regulatory developments, political or economic changes
       related to the program reported to management?
 50    Is information on all payment discrepancies available on a timely basis to allow
       effective monitoring of transactions and to allow prompt reaction?
 51    Is operational information provided to managers so that they may determine
       whether their programs comply with applicable laws and regulations?
 52    Does management communicate frequently with internal oversight groups, such as
       senior management councils, and keep them informed of performance risks, any
       other significant events?
 MONITORING
 53    Are control activities regularly evaluated to ensure that they are still appropriate
       and working as intended?
 54    Have prior audit findings requiring corrective actions been resolved?
 55    Are any payments made to incorrect payees or ineligible recipients?
 56    Are there existing internal control deficiencies (including material weaknesses) in
       the payment type?
 57    Have contract audits identified any questioned costs?
 58    Have contract audits identified any improper payments >$10,000?
 59    Are contract audits performed either internally or by an external organization?
 60    Are routine audits and/or reviews performed on the specific payment type
       controls?

 Response Totals:           TOTAL SCORE FROM ANSWERS ABOVE
 Risk Assessment Results:   If Total Score is 0 through 11 = LOW RISK
                            If Total Score is 12 through 28 = MEDIUM RISK
                            If Total Score is 29 and Greater = HIGH RISK
 Reviewed By:               Title:               Phone:
 Signature:                 Date:


Ex-Im Bank’s Risk Assessment Scoring Method.
Each yes or no response that indicates
elevated risk is counted towards the total risk assessment score. As shown above, if the
total number of such responses is between 0 and 11 (or no more than 18 percent of all
60 questions on the questionnaire), the OCFO rates the overall risk of improper payments
as low. A score between 12 and 28 (or between 20 percent and 47 percent of all
60 questions) equals medium risk. And a score of 29 or greater (or 48 percent or more of
all 60 questions) equals high risk. The OCFO does not eliminate or adjust for responses of
“Not Applicable” when scoring the questionnaire.


APPENDIX D

Management Comments

March 8, 2013

To:             Rebecca L. Sharek
                Assistant Inspector General for Audits

From:           David M. Sena
                SVP and Chief Financial Officer

Re:             Management Response to OIG Report on Improper Payment Analysis

Please find attached management's response to the Office of Inspector General report on
the Bank's Improper Payment Analysis. We appreciate the recommendations made in this
report and recognize the need for ongoing improvement to better identify and recover
improperly made payments as defined by the IPIA.
All of the recommendations will be
implemented for the analysis of FY 2012 improper payments.


      1. Recommendation
         Revise its procedures to ensure that Ex-Im Bank's improper payments assessment
         correctly calculates improper payment rates based on those payments that should
         not have been made; were for incorrect amounts, to ineligible recipients, for
         ineligible goods or services, or for goods or services not received; or that are
         otherwise improper payments as defined by IPIA.

         Management Response
         Management agrees with the recommendation. For the FY 2011 improper payment
         analysis, Ex-Im utilized three separate tools to assess the risk of improper
         payments. Ex-Im will expand the analysis and utilize six separate tools in future
         analysis to assess the risk of improper payments. The Bank will enhance the
         improper payment analysis by reviewing the existing procedures and expanding the
         methodology as follows:

                1. Continue using the risk assessment questionnaire but conduct a more
                   thorough review of the answers provided, especially those identified as
                   "Not Applicable";
                2. Continue a qualitative risk assessment review of the payment controls
                   surrounding each of the programs;
                3. Maintain a list of payments returned to Ex-Im. If there is a significant
                   number or dollar amount of returned items, then investigate further the
                   reason for the returned payments;
                4. As recommended, the Bank will develop a methodology to factor into the
                   analysis an estimate of insurance claim payments that may have involved
                   fraud;
                5. The Financial Reporting Office will meet with the Asset Management
                   Division, the Office of the General Counsel, and the Office of Inspector
                   General to compile a list of newly identified participants of the Bank's
                   programs that have committed fraud against the Bank. The list will be
                   checked against payments made during the period of analysis to
                   determine if payments were made to any of these participants;
                6. The Financial Reporting Office will review OIG reports issued since the
                   last improper payment analysis with a focus on issues identified
                   surrounding the payment process.

         If the analysis of the information gathered from the above indicates a significant risk
         of improper payment in any of the Bank's programs, additional steps will be
         performed as required by OMB guidance.


      2. Recommendation
         Reconsider the results of its FY 2011 risk assessment given the response for the
         operations phase of the loan disbursement process and document either (a) a plan
         to timely address the potential elevated risk of improper loan disbursements, or (b)
         management's acceptance of the risk.

         Management Response
         Ex-Im's conclusion of low risk in the direct loan disbursement process was based on
         the qualitative risk assessment review of the payment controls surrounding loan
         disbursements, the risk assessment questionnaires completed by Operations and
         Data Quality and the Loan and Guarantee Servicing Office, and a review of the
         returned payment log. With the analysis of all of the data taken together,
         management believes that the loan disbursement process does not indicate a
         significant risk of improper payment. In addition, since the FY 2011 analysis there
         has been no evidence that any of the loan disbursements made during the FY 2011
         period were improper.


      3. Recommendation
         Modify the method used to score improper payments risk assessment
         questionnaires to ensure that factors that are not applicable are accurately reflected
         in the future.

         Management Response
         Management agrees that the responses to the questionnaires require more in-depth
         analysis after the questionnaire is completed. The questionnaires will be more
         thoroughly reviewed, especially the "Not Applicable" responses.


      4. Recommendation
         Either formulate and include in future improper payments risk assessments, at a
         minimum, a reasonable estimate of fraudulent insurance claim payments based on
         historical information, or obtain OMB's written approval to continue excluding such
         payments from its improper payments assessment.

         Management Response
         Management agrees with the recommendation. Staff has begun reviewing data on
         cases closed by the OIG that involved fraud. OCFO will develop a methodology that
         factors into the improper payment analysis an estimate of insurance claim
         payments made during the analysis period that may be fraudulent and therefore
         improper.


      5. Recommendation
         Consider the cost effectiveness and value of conducting payment recapture audits
         and additional periodic testing to prevent and detect improper payments in all
         program areas throughout each fiscal year.

         Management Response
         Management agrees with the recommendation.
         If a risk assessment shows an
         increase in the risk of improper payments in any of the Bank's programs or if there
         is a substantial increase in the amount of improper payments, the Bank will
         consider engaging a private sector firm to look at the Bank's payment processes and
         procedures and determine if it is beneficial to develop a formal payment recapture
         audit plan.


cc:      Fred Hochberg
         John McAdams
         Osvaldo Gratacos
         Laura Wohlford


Acknowledgements

 Key contributors to this report were Maria Tse, Auditor, and Julie Wong, Independent
 Referencer.

To Report Fraud, Waste, or Abuse, Please Contact:

 Email:              IGhotline@exim.gov

 Telephone:          1-888-OIG-EXIM (1-888-644-3946)

 Fax:                (202) 565-3988

 Address:            Office of Inspector General
                     Export-Import Bank of the United States
                     811 Vermont Avenue, NW
                     Suite 138
                     Washington, DC  20571


Office of Inspector General
Export-Import Bank of the United States
811 Vermont Avenue, NW
Washington, DC 20571
202-565-3908
www.exim.gov/oig